Stopped ICE/Moneypak Screen Take Over and Still Infected. [Solved]

I ended up with the ICE/Moneypak screen take over virus. After going into safe mode, I ran Avira which found 2 Trojans. They were removed, but on restart the PC said the Recycle Bin was corrupt and shortly after the ICE screen take over returned. I went to safe mode again and ran a trial copy of HitmanPro. This found 8 Trojans and some other issues, and then fixed them. The PC is now running in normal mode without the virus taking over the screen, but Avira keeps blocking a host attempt, the "Recycle Bin is corrupt" warning pops up, and RKill says it found ZeroAccess rootkit issues. I have posted one of the three tools' logs as the "How To" asks, and would like some help getting the PC cleaned up.

Hi Marius,
I followed your instructions and have attached the log to this reply as you said to "attach it to your next reply". If you meant for me to just include it, my apologies.
Thanks,
Sean
Attachment: mbar_log_2013_06_18__09_44_36_.txt (3.52KB, 69 downloads)

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.
When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.
Send the mbar-log.txt along with an update on machine behavior.

So I ran the MBar again, still found 7 items. Did the clean up and it came up fine. The program didn't ask for a reboot, so I did it myself. Ran the program again and it found nothing. I have included the most recent log. Right now the machine seems to be running great. If we are looking clean, then my follow-up question will be about what I should run in terms of prevention. Right now using AVG Free and CCleaner. The firewall I used in the past made the machine so slow I couldn't use it, so I have to admit right now the Windows one is it.
Sean
Attachment: mbar_log_2013_06_19.txt (2.13KB, 41 downloads)

Will deleting these files cause programs to have issues? I don't know what they are, but I see AVG in one of the lines for example. Also, the ESET was a scanner, but didn't seem to have a delete, or clean up, button. How would I best go about deleting them?
Sean

That's part of the new free version of Avira. I would recommend using another free antivirus, as the Ask toolbar delivered with Avira is adware itself.
The ESET scanner was an online scan, only done with a plugin for your browser and some temp files. You can uninstall it after our cleanup via add/remove programs.

Protection
What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You only get the full protection if you use the paid versions of your security software.

Up to date Software
Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:

Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.

Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.

Thank you so much for your help. I really appreciate your time and patience with someone who is not all that computer savvy.
I am going to go with Malwarebytes as the free version has helped me before, so I would be comfortable with buying the full version. The other updates have been installed and I also turned on Windows 7 auto updates.
Sean


About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.